A dangerous bug has been found in a software component called Bash, commonly used in Linux systems and in Apple’s Mac operating system. Dubbed Shellshock, the bug can be used to remotely take control of almost any computer system, and according to a report by BBC News, some experts believe this bug may be more serious than Heartbleed, discovered in April.
Prof Alan Woodward, a security researcher from Surrey, told the BBC, “Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system. The door’s wide open.”
Experts estimate that Shellshock could hit 500 million machines. The problem is even more serious because many web servers use the Apache system, which uses the Bash software component. Bash stands for Bourne-Again SHell, and it’s a command prompt on many Unix computers. Unix is an operating system on which other operating systems, like Linux and Mac OS, are built.
The U.S. Computer Emergency Readiness Team (US-CERT) is warning people about Shellshock and urging administrators to apply patches. However, some security researchers say the patches are incomplete and will not fully secure systems.
According to an analysis by Mark Ward, a technology correspondent for the BBC, Shellshock rates a 10 on the vulnerability scale, but it is still too early to know how widespread its effect might be.